WordPress Plugin Vulnerabilities

Poll Maker < 5.5.5 - Unauthenticated HTML Injection

Description

The plugin is vulnerable to HTML Injection due to the software not properly sanitizing or escaping data added to polls. This makes it possible for unauthenticated attackers to inject HTML elements.

Affects Plugins

Plugin icon
poll-maker
Fixed in 5.5.5

References

CVE
CVE-2024-56277
URL
https://www.wordfence.com/threat-intel/vulnerabilities/id/e36056bf-4e90-4c5e-8c6a-ab3ae7ba426f

Classification

Type
CONTENT INJECTION
OWASP top 10
A1: Injection
CWE
CWE-345
CVSS
5.3 (medium)

Miscellaneous

Original Researcher
Muhammad Zidan Ali Mansur
Verified
No
WPVDB ID
d85949db-42a9-4a8a-bca1-9026d64a85b7

Timeline

Publicly Published
2025-01-03 (about 1 year ago)
Added
2025-02-14 (about 1 year ago)
Last Updated
2025-02-14 (about 1 year ago)

Other

Published
Title
Published
2021-07-12
Title
Frontend File Manager < 18.3 - Unauthenticated HTML Injection
Published
2024-03-08
Title
EventPrime – Events Calendar, Bookings and Tickets < 3.4.3 - Unauthenticated Booking Payment Bypass
Published
2026-02-21
Title
The Plus Addons for Elementor – Addons for Elementor, Page Templates, Widgets, Mega Menu, WooCommerce < 6.4.8 - Unauthenticated Email Relay
Published
2025-12-12
Title
TI WooCommerce Wishlist < 2.11.0 - Unauthenticated HTML Injection
Published
2023-10-11
Title
Responsive Tabs < 4.0.6 - Authenticated (Contributor+) Content Injection